Llamau | Capital Network Solutions

The Result

Andrew Chiplen is Head of Finance of Llamau with direct responsibility for IT and the relationship with CNS. “Together we have a lot of bases to cover from an IT perspective, from our central admin and fundraising functions in Cardiff to approximately 40 other offices, project houses and Learning for Life centres spread across Wales. Whether offering support to an individual user, or a piece of critical server equipment needing attention, CNS are on hand to address any IT issues with first, second and third line support, even working behind the scenes on our behalf with other suppliers that impact on our IT. That takes a huge amount of day-to-day pressure off me to fulfil my other duties to Llamau with minimum distractions, only getting involved if it’s strategically important or has a cost implication.”

In addition to its IT helpdesk remit, CNS has evolved its relationship with Llamau to that of a valuable and trusted advisor, collaboratively developing and maintaining the charity’s strategic five-year rolling IT development plan. “CNS doesn’t just have an intimate knowledge of our systems – they really understand our whole mission too, keeping us alerted to upcoming technology issues and opportunities, and responding to new demands so that we can grow to support more vulnerable people without ever being held back by IT,” said Andrew. “We’re under constant pressure to keep all our costs low, but at the same time to run IT to the highest possible uptime and performance because that’s crucial to our service delivery standards. CNS helps us strike that balance very well.”

Validating security controls

Central to the ethos of Llamau is safeguarding the welfare of its service users, who are among the most vulnerable people in society. This has massive implications from an IT perspective, according to Andrew: “We have a duty of care to protect the extremely sensitive data we hold about service users, from their whereabouts and personal history to their physical and emotional needs. We have always taken this extremely seriously and were keen to find ways of testing, validating and strengthening our IT security posture against present and emerging risks alike.”

Llamau identified the UK government-backed Cyber Essentials certification as a critically important measure to verify its approach and implement improvements where necessary. As the UK’s leading independent authority on Cyber Essentials, and an IASME Gold-accredited Cyber Essentials certification body, CNS was ideally placed to undertake the assessment process for Llamau. “We were one of the first bodies in Wales to sign up to Cyber Essentials in 2014 and, with support from CNS, quickly progressed to achieve the highest certification, Cyber Essentials Plus,” said Andrew.

As part of the recommendations stemming from the Cyber Essentials process, CNS implemented solutions including a Cisco next-generation firewall (NGFW), and made a series of detailed changes to security policies governing users, sites and applications. The changes built upon the existing good practice implemented by Llamau to focus on all five of the technical controls stipulated by Cyber Essentials: boundary firewalls, secure configuration, user access control, malware protection and patch management.

“We now have very robust security measures in place, particularly at project houses where internet access is facilitated but strict content and application filtering is a must. We also tightly control which users and devices are allowed on certain parts of our network, using two-factor authentication and by preventing any ‘Bring-Your-Own-Device’ usage,” said Andrew. “For back-office users, we employ user-centric policies allowing us to control security settings on a really granular basis. But, across the board, the onus is very much on avoiding unnecessary risk because the stakes are just too high.”

Achieving IT success

The result of CNS and Llamau’s efforts to certify a high level of data security governance is, first and foremost, the confidence that service users are protected. Over and above this, holding the Cyber Essentials Plus certification enables Llamau to access tenders for grant funding, and to reassure delivery partners and funding bodies (including local authorities) that everything is being done to address security risks.

CNS has also provided its cyber security expertise in the form of training for Llamau’s tutors, equipping them to support service users in being safer online. “Part of our role is helping homeless and vulnerable people to build digital literacy so that they can take advantage of more opportunities and access more services,” said Andrew. “CNS helps us ensure that they do that safely.”

Additionally, in line with Llamau’s continuing objective to optimise its business performance while minimising costs, CNS undertook an infrastructure refresh project in 2016 that leveraged virtualisation technology to reduce the number of servers in use from six to four. This was identified via the five-year IT development plan several months prior to the existing infrastructure reaching end of warranty.

Looking to the future, Llamau plans to steadily increase in size and continue harnessing IT to fulfil its mission. “IT moves very quickly and I’m sure we will be dictated to, in part, by new standards to meet and challenges to overcome. As these arise, we have a reliable and conscientious partner in CNS, who have the skills to help us obtain full value from IT without getting bogged down in the details, or seriously affected by security threats.”

Summary of Key Benefits

Continuous business operations safeguarded by highly competent and proactive IT helpdesk
Additional value including proactive advice, strategic IT planning and coordination of other suppliers in Llamau’s IT ecosystem
Successfully achieved high standard of IT performance with value for money
Total protection of service users’ sensitive data within a compliant, certified governance framework